<?php
session_start();
include ('config.inc');
$errmsg=array();
$errflag=false;
//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
function clean($str){
	if(get_magic_quotes_gpc()){
		$str=stripslashes($str);
		
	}
	return mysql_real_escape_string($str);
	
}

$email=clean($_POST['youremail']);

$pass=clean($_POST['password']);


if($email==''){
$errmsg[]='Email Address is Missing';
$errflag=true;	
}
if($pass==''){
$errmsg[]='Any Account should have a Password';
$errflag=true;	
}

	if($errflag){
		$_SESSION['ERR_MSG']=$errmsg;
		header('location: ../../login.php');
		exit();
	}
	$qry=mysql_query("SELECT * FROM members WHERE email='$email' AND password='" .md5($pass) ."'");
	if($qry){
		if(mysql_num_rows($qry)==1){
			session_regenerate_id();
			$member=mysql_fetch_array($qry);
			$_SESSION['USR_ID']=$member['mem_id'];
			$_SESSION['MN']=$member['f_name'];
			$_SESSION['ML']=$member['l_name'];
			header("location: ../default.php");
			exit();
		}
		else{
			header("location: ../../login.php");
			$errmsg[]='Wrong Username or Password';
			$errflag=true;	
		}
	}
	else{
		
		die("Query Failed!");
	}

?>